Cradlepoint to Paloalto VPN Example

Summary

This configuration covers an IPSec VPN tunnel setup between a Cradlepoint Series 3 router and a Paloalto firewall. IPSec is customizable on both the Cradlepoint and Paloalto platforms to fit a variety of network and security requirements; however, this configuration example addresses only the basic configuration and a VTI configuration (Firmware 5.4 or greater).

Standard IPSec VPN Topology

Configuration

Configuration Difficulty: Intermediate

Cradlepoint Configuration:

- Step 1: Log into the router's Setup Page.
- Step 2: Click on Internet and select VPN Tunnels from the drop-down menu.
- Step 3: Under VPN Tunnels click Add.
- Step 4: Enter a Tunnel Name.
- Step 5: Enter a Pre-Shared Key.
- Step 6: Set the Initiation Mode to your desired setting.
  o Note: On Demand will leave the tunnel idle until traffic bound for the other side of the tunnel is detected. Always On will keep the tunnel active whenever the WAN connection is active.
- Step 7: Click Next.
- Step 8: In the Local Networks section click Add and enter the LAN of the Cradlepoint you want to be available across the VPN tunnel.
- Step 9: Click Next.

  o If there isn't one available you can click the link to create a new profile (Recommended at a minimum: Ping and all forms of HTTP)
- Step 8: From the left hand menu select Virtual Routers and select the name of the Virtual Router being used
- Step 9: Choose Static Routes from the left hand menu and click Add at the bottom of the page
- Step 10: Set the Name for the static route
- Step 11: Set the Destination to the LAN address range of the Cradlepoint
- Step 12: Set the Next Hop to None
- Step 13: Click OK at the bottom of the window and check that the routes are correct
- Step 14: Click OK on the Virtual Router window
- Step 15: From the left, select IKE Crypto under Network Profiles and click Add at the bottom of the page
- Step 16: Add the DH Group as group 2
- Step 17: Add the Authentication Algorithm as sha1

- Step 18: Add the Encryption Algorithm as aes128
- Step 19: Click OK
- Step 20: From the left, select IPSec Crypto under Network Profiles and click Add at the bottom of the page
- Step 21: For the IPSec Protocol select ESP
- Step 22: Follow steps 16 to 19 above
- Step 23: From the left, select IKE Gateways under Network Profiles and click Add at the bottom of the page
- Step 24: Enter a Name and set the Interface to the physical external interface (with the public IP assigned to it)
- Step 25: Set the Peer IP Type to Static and the Peer IP Address to the remote IP of the Cradlepoint
- Step 26: Set the Authentication to Pre-Shared Key and set the Pre-shared Key with the password for the tunnel
- Step 27: Confirm it in the Confirm Pre-shared Key

- Step 28: Select the Advanced Phase 1 Options from the tabs at the top of the window
- Step 29: Set the Exchange Mode to main and the IKE crypto profile to the previously created profile
- Step 30: Optional: ensure Dead Peer Detection is enabled and select OK
- Step 31: From the left, select IPSec Tunnels and click Add at the bottom of the page
- Step 21: Fill in a Name and set the Tunnel Interface to the interface originally created
- Step 32: Leave the Type as Auto Key
- Step 33: Set the IKE Gateway and IPSec Crypto Profile to the previously configured gateway and profile

- Step 34: Click the Proxy IDs tab at the top of the window and click Add at the bottom of the window
- Step 35: Enter a name in the Proxy ID field
- Step 36: In Local enter the Paloalto's LAN network
- Step 37: In Remote enter the Cradlepoint's LAN network
- Step 38: Leave Protocol as Any and click OK for both popup windows
- Step 39: Click Commit at the top right of the page to save the settings and commit them to the Paloalto
- Step 40: After a few minutes the Status lights on the tunnel should go green
- Step 42: Also check on the Cradlepoint under Status > VPN Tunnels

Cradlepoint Configuration:

- Step 1: Log into the router's Setup Page.
- Step 2: Click on Internet and select VPN Tunnels from the drop-down menu.
- Step 3: Under VPN Tunnels click Add.
- Step 4: Enter a Tunnel Name.
- Step 5: Enter a Pre-Shared Key.
- Step 6: Set the Mode to VTI Tunnel
- Step 7: Set the Initiation Mode to your desired setting.
  o Note: On Demand will leave the tunnel idle until traffic bound for the other side of the tunnel is detected. Always On will keep the tunnel active whenever the WAN connection is active.
- Step 8: Click Next.

- Step 9: In the Local VTI Configuration section enter the Local virtual address and Local subnet with the tunnel network of the Cradlepoint you want to use.
- Step 10: Click Next.
- Step 11: Enter the WAN IP of the Paloalto in the Remote Gateway.
- Step 12: Enter the Paloalto's VPN tunnel endpoint in the Remote virtual address.
- Step 13: In the Remote Networks section click Add and enter the LAN of the Paloalto you want to be available across the VPN tunnel.
- Step 14: Click Next.

- Step 23: Under VPN Tunnels click Enable VPN Service to start the VPN service on the router.
- Step 24: Go to Network Settings > Firewall / QoS and select Zone Firewall
- Step 25: Click Add under Zones and fill in a name for the new Zone
- Step 26: Click Add to create a new Interface and set the VTI Config Name
- Step 27: Click Submit
- Step 28: Go to the Forwardings section and Add forwarding rules as needed
  o Note the example below

Paloalto Configuration:

- Step 1: Follow the Paloalto configuration for a standard IPSec VPN tunnel found above
- Step 2: Under the Virtual Routers select the virtual router being used and select Static Routes from the left
- Step 4: Edit the static route for the VPN tunnel by clicking the configured name (destination of Cradlepoint's LAN)
- Step 5: Change the Next Hop to IP Address, fill in the Cradlepoint's tunnel interface address in the box and select OK
- Step 7: Under IPSec Tunnels, edit the tunnel created
- Step 8: Click on the Proxy IDs tab at the top and delete the Proxy ID that is configured
- Step 9: Click OK
- Step 10: After a few minutes the Status lights on the tunnel should go green
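
The values entered on the two devices have to mirror each other, both for the standard tunnel (Proxy ID, Next Hop of None) and for the VTI variant (no Proxy ID, Next Hop set to the Cradlepoint's tunnel address). The Python check below is an added example, not part of the original guide or of either vendor's tooling; the dictionary keys, addresses and key value are constructed for illustration, and it assumes the Cradlepoint is given the same proposal the guide sets on the Paloalto.

```python
import ipaddress

def nets(cidrs):
    # Normalise so "192.168.0.1/24" and "192.168.0.0/24" compare equal.
    return {ipaddress.ip_network(c, strict=False) for c in cidrs}

def check_tunnel(cp, pa):
    """Compare Cradlepoint (cp) and Paloalto (pa) settings; return a list of mismatches."""
    problems = []
    if cp["psk"] != pa["psk"]:
        problems.append("pre-shared key differs")
    if cp["remote_gateway"] != pa["wan_ip"] or pa["peer_ip"] != cp["wan_ip"]:
        problems.append("gateway and peer addresses do not point at each other")
    for phase in ("ike", "ipsec"):
        if cp[phase] != pa[phase]:
            problems.append(f"{phase} proposal differs")
    if nets(pa["route_destination"]) != nets(cp["lan"]):
        problems.append("static route destination is not the Cradlepoint LAN")
    if cp["mode"] == "vti":
        # VTI tunnel: Proxy ID deleted, next hop is the Cradlepoint tunnel address.
        if pa["proxy_ids"]:
            problems.append("Proxy ID still configured on a VTI tunnel")
        if pa["route_next_hop"] != cp["local_virtual_address"]:
            problems.append("route next hop is not the Cradlepoint tunnel address")
    else:
        # Standard tunnel: next hop None, Proxy ID mirrors the Cradlepoint's networks.
        if pa["route_next_hop"] is not None:
            problems.append("route next hop should be None")
        if not pa["proxy_ids"]:
            problems.append("no Proxy ID configured")
        for local, remote in pa["proxy_ids"]:
            if not (nets([local]) <= nets(cp["remote_networks"])
                    and nets([remote]) <= nets(cp["lan"])):
                problems.append(f"Proxy ID {local} -> {remote} is not mirrored")
    return problems

# Constructed sample values (documentation address ranges, placeholder key).
PROPOSAL = {"dh_group": "group2", "auth": "sha1", "encryption": "aes128"}
CP = {"mode": "standard", "psk": "example-psk", "wan_ip": "198.51.100.10",
      "remote_gateway": "203.0.113.20", "lan": ["192.168.0.0/24"],
      "remote_networks": ["10.10.0.0/24"], "ike": PROPOSAL, "ipsec": PROPOSAL}
PA = {"psk": "example-psk", "wan_ip": "203.0.113.20", "peer_ip": "198.51.100.10",
      "route_destination": ["192.168.0.1/24"], "route_next_hop": None,
      "proxy_ids": [("10.10.0.0/24", "192.168.0.0/24")],
      "ike": PROPOSAL, "ipsec": PROPOSAL}

if __name__ == "__main__":
    print(check_tunnel(CP, PA) or "settings mirror each other")
```

An empty list means the two sides agree; a tunnel whose Status light stays red after Commit is most often explained by one of the reported mismatches.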
